不同签名技术产生的不同数字签名 [英] Different digital signatures produced by different signing technologies
问题描述
我有这样的输入:
- 摘要(sha1).
- X509证书,由makecert工具制作.所以公钥算法是sha1WithRsa.
- 证书的私钥,也由makecert工具制作.
我想使用rsa签名算法对摘要进行签名.我使用了以下签名技术:
- 我自己的签名者(实际上使用Microsoft Strong Crypto Provider)
- BouncyCastle
- Openssl
每个人都会生成并验证签名.但是我有3个不同的签名作为输出.我尝试了很多次.这些签名不是随机的.我收到3个不变的签名.怎么会这样?有人有这样的问题吗?我在某件事上错了吗?
更新
Base64值:
哈希:
XN9ADbe4NVnSscjRGvBnWe1bDaw =
MySigner的签名:
aRiRJgYmFKl8i8 + FTUbr8Ah9sWybNw2XyFLVttaxrWzhj14nRuyL5qSXxaL4/B0etKZQH5qipZB04wx8 + aoRnnHxNcLFddyxMk7aUmilo + 58k4KYGYBKYGYKY2KY2Y
BouncyCastle的签名:
WP1iU2nuooneikMLCaWR9i03B + ISp8 + P + C/OqYHNF0qGioIbaRWCPHhxJqhCJdayr6T/X2XPjE2XebITmSmnd4JQgyECK77ju7AxCgBxIAWvzwDmCrCvB4C7BK4CK7BKCK4CK4CK7BK4CK4B3CB4C4B3B
Openssl的签名:
lRk/kX/+ 1vUmHLIKNmZy5h84K2ryu9GtfIp2XXeTsJJz96i7tqNg + EU/c9KkRhcbf4kFMt/O8HLLp9nNSrm5VafNCrPTmOWJMfRrRzxH1BR8sjqmT8HW7KWQHW7KWQHW7KWQHW7KWQHQWKHQW7KWQHQWKHQKTWKHQW9KTQHW9KTQKTWK9KTW7K9W9K7W9K7W9K7W9K4K7W7K7W7K7W7K7W7K7W7K7W7K7W7K7W7K7W7K7W7K7WQK7W7K8W7K7W7KW7K6K5K5K5K5K5K5K5K5K5K5K5K5K0W5国立大学校园网''''R R R R R R R R R
更新
字节文件 http://download.files.namba.kg/files/5637461
更新
用BouncyCastle签署摘要的代码
公共无效的SignWithBouncyCastle(){byte []摘要= File.ReadAllBytes(@"d:\ public \ signatures \ digest");byte []签名= null;TextReader textReader =新的StreamReader(@"e:\ PresentCert \ RootCATest2.pem");//具有私钥和公钥的文件PemReader pemReader =新的PemReader(textReader);对象obj = pemReader.ReadObject();AsymmetricCipherKeyPair ackp;ackp =(AsymmetricCipherKeyPair)obj;RsaDigestSigner签名者=新的RsaDigestSigner(新的Sha1Digest());signer.Init(true,ackp.Private);signer.BlockUpdate(摘要,0,摘要.长度);签名= signer.GenerateSignature();signer.Init(false,ackp.Public);signer.BlockUpdate(摘要,0,摘要.长度);bool r = signer.VerifySignature(signature);//r为真File.WriteAllBytes(@"d:\ public \ signatures \ bouncycastle",签名);}
然后我使用以下命令使用openssl验证签名:
openssl rsautl -verify -inkey e:\ PresentCert \ pubRootCATest2.pem -pubin -in d:\ public \ signatures \ bouncycastle-已验证
比较文件
comp已验证d:\ public \ signs \ bouncycastle
它们是不同的.
更新
更正的代码
公共无效SignMessageWithBouncyCastle(){//File.WriteAllBytes(@"c:\msg,Encoding.UTF8.GetBytes(" the_secret_message));;byte [] msg = File.ReadAllBytes(@"c:\ msg");byte []签名= null;TextReader textReader =新的StreamReader(@"e:\ PresentCert \ RootCATest2.pem");//具有私钥和公钥的文件PemReader pemReader =新的PemReader(textReader);对象obj = pemReader.ReadObject();AsymmetricCipherKeyPair ackp;ackp =(AsymmetricCipherKeyPair)obj;RsaDigestSigner签名者=新的RsaDigestSigner(新的Sha1Digest());signer.Init(true,ackp.Private);signer.BlockUpdate(msg,0,msg.Length);签名= signer.GenerateSignature();signer.Init(false,ackp.Public);signer.BlockUpdate(msg,0,msg.Length);bool r = signer.VerifySignature(signature);//r为真File.WriteAllBytes(@"c:\ bouncycastle",签名);}
这次我使用了这个openssl命令:
openssl dgst -sha1 -verify c:\ pubRootCATest2.pem-签名c:\ bouncycastle c:\ msg
结果被验证为合格!
您正在使用http://download.files.namba.kg/files/5637461
Update
Code to sign the digest with BouncyCastle
public void SignWithBouncyCastle()
{
byte[] digest = File.ReadAllBytes(@"d:\public\signatures\digest");
byte[] signature = null;
TextReader textReader = new StreamReader(@"e:\PresentCert\RootCATest2.pem"); // file with private key and public key
PemReader pemReader = new PemReader(textReader);
object obj = pemReader.ReadObject();
AsymmetricCipherKeyPair ackp;
ackp = (AsymmetricCipherKeyPair)obj;
RsaDigestSigner signer = new RsaDigestSigner(new Sha1Digest());
signer.Init(true, ackp.Private);
signer.BlockUpdate(digest, 0, digest.Length);
signature = signer.GenerateSignature();
signer.Init(false, ackp.Public);
signer.BlockUpdate(digest, 0, digest.Length);
bool r = signer.VerifySignature(signature);
// r is true
File.WriteAllBytes(@"d:\public\signatures\bouncycastle", signature);
}
Then I validate signature with openssl using the command:
openssl rsautl -verify -inkey e:\PresentCert\pubRootCATest2.pem -pubin -in d:\public\signatures\bouncycastle -out verified
And compare files
comp verified d:\public\signatures\bouncycastle
They are different.
Update
Corrected code
public void SignMessageWithBouncyCastle()
{
//File.WriteAllBytes(@"c:\msg", Encoding.UTF8.GetBytes("the_secret_message"));
byte[] msg = File.ReadAllBytes(@"c:\msg");
byte[] signature = null;
TextReader textReader = new StreamReader(@"e:\PresentCert\RootCATest2.pem"); // file with private key and public key
PemReader pemReader = new PemReader(textReader);
object obj = pemReader.ReadObject();
AsymmetricCipherKeyPair ackp;
ackp = (AsymmetricCipherKeyPair)obj;
RsaDigestSigner signer = new RsaDigestSigner(new Sha1Digest());
signer.Init(true, ackp.Private);
signer.BlockUpdate(msg, 0, msg.Length);
signature = signer.GenerateSignature();
signer.Init(false, ackp.Public);
signer.BlockUpdate(msg, 0, msg.Length);
bool r = signer.VerifySignature(signature);
// r is true
File.WriteAllBytes(@"c:\bouncycastle", signature);
}
And I used this openssl command this time:
openssl dgst -sha1 -verify c:\pubRootCATest2.pem -signature c:\bouncycastle c:\msg
And result was Verified OK!
You're using RSA PSS. There is more than one valid signature.
这篇关于不同签名技术产生的不同数字签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!